A gap analysis compares the current security posture against a desired state (compliance framework, best practice), identifying what's missing and what needs improvement.
Starting point for security programs. Maps current controls to NIST CSF, ISO 27001, or CIS Controls. Output: prioritized remediation roadmap. Often the first step before implementing a new framework.